[asterisk-dev] auto blacklisting "script kiddies"

Jason Burton jburton at picriverisp.net
Fri May 4 09:27:01 MST 2007


Can you just blacklist an IP based on the connection frequency and if they
are using different usernames/passwords for every attempt?

If 1.1.1.1 connects using jar/10032103 and jar/12031203 and jar/120102312
blacklist

If 1.1.1.1 connects using jar123/10032103, jar124/10032103, jar125/10032103
Blacklist

Blacklist should be a certain period of time. You can have a mess on your
hands if you make static lists that do not empty after a period of time?
What happens if someone legit tries to connect with a blacklisted IP?
Filtering script kiddies can be complicated if they do it from public
hotspots that your customers might use?

-----Original Message-----
From: asterisk-dev-bounces at lists.digium.com
[mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of Tzafrir Cohen
Sent: Friday, May 04, 2007 11:57 AM
To: asterisk-dev at lists.digium.com
Subject: Re: [asterisk-dev] auto blacklisting "script kiddies"

On Fri, May 04, 2007 at 12:10:07PM -0300, Christian Villa Real Lopes wrote:
> I like to improve this idea as follows:
> 
> All already registered users IP create a whitelist that never 
> blacklists (or configurable never) plus a file/table with a whitelist.

But then, how will new connections register?
(unless you only have static SIP peers)

-- 
               Tzafrir Cohen       
icq#16849755                    jabber:tzafrir at jabber.org
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
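
The rule Jason describes (block an IP that tries several different username/password combinations in a short time, and let the block expire), as an added sketch that is not code from Asterisk or from anyone in this thread. The class name, the thresholds, the `secret_id` tag for the attempted secret, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class TimedBlacklist:
    """Temporarily block an IP that fails auth with too many distinct
    (username, secret_id) pairs inside a sliding time window."""

    def __init__(self, max_distinct=3, window=60, ban=600):
        self.max_distinct, self.window, self.ban = max_distinct, window, ban
        self.failures = defaultdict(deque)  # ip -> (ts, user, secret_id)
        self.banned_until = {}              # ip -> expiry time in seconds

    def is_blocked(self, ip, now):
        expiry = self.banned_until.get(ip)
        if expiry is not None and now >= expiry:
            del self.banned_until[ip]       # entry ages out, list never goes static
            return False
        return expiry is not None

    def record_failure(self, ip, user, secret_id, now):
        """Log one failed attempt; return True if the IP is blocked."""
        if self.is_blocked(ip, now):
            return True
        q = self.failures[ip]
        q.append((now, user, secret_id))
        while now - q[0][0] > self.window:  # drop attempts outside the window
            q.popleft()
        # A phone retrying one wrong password is a single distinct pair.
        if len({(u, s) for _, u, s in q}) >= self.max_distinct:
            self.banned_until[ip] = now + self.ban
            q.clear()
            return True
        return False

# Constructed events: (seconds, ip, username, secret_id). secret_id is a
# hypothetical opaque tag for the attempted secret (e.g. a keyed hash).
EVENTS = [
    (0, "192.0.2.10", "jar", "s1"), (5, "192.0.2.10", "jar", "s2"),
    (9, "192.0.2.10", "jar", "s3"),                      # one user, 3 secrets
    (0, "192.0.2.20", "jar123", "s1"), (4, "192.0.2.20", "jar124", "s1"),
    (8, "192.0.2.20", "jar125", "s1"),                   # 3 users, one secret
    (0, "192.0.2.30", "bob", "typo"), (3, "192.0.2.30", "bob", "typo"),
    (6, "192.0.2.30", "bob", "typo"),                    # misconfigured phone
]

def replay(events, **settings):
    """Feed events in time order; return (blacklist, set of blocked IPs)."""
    bl, blocked = TimedBlacklist(**settings), set()
    for ts, ip, user, secret_id in sorted(events):
        if bl.record_failure(ip, user, secret_id, ts):
            blocked.add(ip)
    return bl, blocked
```

Counting distinct pairs rather than raw failures keeps a misconfigured phone that repeats one wrong password from being blocked, and the expiry check means a legitimate user behind a shared address is locked out only for the ban period.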